Cyber attacks on rise but Orgs hiring of IT security staff drops

Even with increased number of cyber attacks across the world resulting in data and financial loss, organizations still are spending the least in hiring new IT security staff to fill security loopholes.Aritra Sarkhel | ET Tech | October 12, 2017, 08:16 IST

Even with increased number of cyber attacks across the world resulting in data and financial loss, organizations still are spending the least in hiring new IT security staff to fill security loopholes.

According to a report by cybersecurity company Fortinet, organizations spend on hiring new IT security hires stands lowly at 33% in India while the globally, the investments are at 23%. The most investments are into upgrading of current security portfolio of solutions.

Rajesh Maurya, Regional Vice President, India and SAARC, Fortinet while speaking to ETtech said that most organizations tend to think that they have reached a stage wherein with greater automation and the advancement of technology in general, the dependency of cyber security on human beings will fall.

But he says that the truth is quite the opposite. "Attacks have become dangerously sophisticated and there must be more concerted setting of the security education agenda, curriculum development and knowledge transfer, funding and internship programs."

He adds that cybercriminals aren’t breaking into systems using new zero day attacks but are primarily exploiting already discovered vulnerabilities which mean they can spend more of their resources on technical innovations making their exploits difficult to detect. "According to the survey, 84% of Indian organizations have been victims of security breach in the past 2 years while 54% have attributed the breach to a malware or ransomware while 50% have assigned internal or external factors responsible for the breach. 40% have attributed breaches in India to IoT devices or BYOD which is significantly higher than the global data of 29%."

Threats like WannaCry were remarkable for how fast they spread and for their ability to target a wide range of industries. Yet, they could have been largely prevented if more organizations practiced consistent cyber hygiene.

Unfortunately, adversaries are still seeing a lot of success in using hot exploits for their attacks that have not been patched or updated. To complicate matters more, once a particular threat is automated, attackers are no longer limited to targeting specific industries, therefore, their impact and leverage only increases over time.

The report also highlights that ins pite of security being a business risk, discussion around cyber secuity is still not common in board meetings. Maurya points out that the security agenda of the board appears to be essentially reactive. "In spite of a clear and present threat, 42% of IT decision makers in India believe that cybersecurity is still not a top priority discussion for the board and investment comes either in the wake of global cyber attacks like WannaCry (71%) or to comply with government regulations (47%)."

The board appears to be more involved in post-breach management than prevention – only taking action as a result of security breaches in 93% of cases with the vast majority 89% - wanting to know what happened, i.e. identifying the cause of the breach and reviewing IT security processes while two-thirds 78% - want to review or increase the budget in response."

As a result, IT decision makers feel strongly that cyber security should become a top management priority with 87% of the respondents saying that the board should actually put IT security under greater scrutiny.RELATED

Subscribe ETCIO Newsletter

As the Special Chief Secretary & IT Advisor to the Chief Minister - Govt. of Andhra Pradesh, J A Chowdary is all for chasing new growth horizons, pursuing radically different development approaches and outguessing technology trends that will shape the future.

As the Special Chief Secretary & IT Advisor to the Chief Minister - Govt. of Andhra Pradesh, J A Chowdary is all for chasing new growth horizons, pursuing radically different development approaches and outguessing technology trends that will shape the future.